Privacy Enhanced Access Control by Means of Policy Blinding

S. Sedghi, Pieter H. Hartel, Willem Jonker, S.I. Nikova

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

1 Citation (Scopus)

Abstract

Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean some interesting information from the requests that it processes. For example, if a requestor in a role psychiatrist is granted access to a document, the patient associated with that document probably has a psychiatric problem. The patient would consider this sensitive information, and she might prefer the honest-but-curious reference monitor to remain oblivious of her mental problem. We present a high level framework for querying and enforcing a role based access control policy that identifies where sensitive information might be disclosed. We then propose a construction which enforces a role based access control policy cryptographically, in such a way that the reference monitor learns as little as possible about the policy. (The reference monitor only learns something from repeated queries). We prove the security of our scheme showing that it works in theory, but that it has a practical drawback. However, the practical drawback is common to all cryptographically enforced access policy schemes. We identify several approaches to mitigate the drawback and conclude by arguing that there is an underlying fundamental problem that cannot be solved. We also show why attribute based encryption techniques do not solve the problem of enforcing policy by an honest but curious reference monitor.
Original language: Undefined
Title of host publication: Proceedings of the 7th International Conference on Information Security Practice and Experience, ISPEC 2011
Editors: Feng Bao, Jian Weng
Place of Publication: Berlin
Publisher: Springer
Pages: 108-122
Number of pages: 15
ISBN (Print): 978-3-642-21030-3
DOI: https://doi.org/10.1007/978-3-642-21031-0_9
Publication status: Published - 24 May 2011

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer Verlag
Volume: 6672
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Keywords

  • METIS-277643
  • EWI-20176
  • SCS-Cybersecurity
  • IR-77315

Cite this

Sedghi, S., Hartel, P. H., Jonker, W., & Nikova, S. I. (2011). Privacy Enhanced Access Control by Means of Policy Blinding. In F. Bao, & J. Weng (Eds.), Proceedings of the 7th International Conference on Information Security Practice and Experience, ISPEC 2011 (pp. 108-122). (Lecture Notes in Computer Science; Vol. 6672). Berlin: Springer. https://doi.org/10.1007/978-3-642-21031-0_9
Sedghi, S. ; Hartel, Pieter H. ; Jonker, Willem ; Nikova, S.I. / Privacy Enhanced Access Control by Means of Policy Blinding. Proceedings of the 7th International Conference on Information Security Practice and Experience, ISPEC 2011. editor / Feng Bao ; Jian Weng. Berlin : Springer, 2011. pp. 108-122 (Lecture Notes in Computer Science).
@inproceedings{c7c2fa5b07914cb2b63f31598cfaf382,
title = "Privacy Enhanced Access Control by Means of Policy Blinding",
abstract = "Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean some interesting information from the requests that it processes. For example, if a requestor in a role psychiatrist is granted access to a document, the patient associated with that document probably has a psychiatric problem. The patient would consider this sensitive information, and she might prefer the honest-but-curious reference monitor to remain oblivious of her mental problem. We present a high level framework for querying and enforcing a role based access control policy that identifies where sensitive information might be disclosed. We then propose a construction which enforces a role based access control policy cryptographically, in such a way that the reference monitor learns as little as possible about the policy. (The reference monitor only learns something from repeated queries). We prove the security of our scheme showing that it works in theory, but that it has a practical drawback. However, the practical drawback is common to all cryptographically enforced access policy schemes. We identify several approaches to mitigate the drawback and conclude by arguing that there is an underlying fundamental problem that cannot be solved. We also show why attribute based encryption techniques do not solve the problem of enforcing policy by an honest but curious reference monitor.",
keywords = "METIS-277643, EWI-20176, SCS-Cybersecurity, IR-77315",
author = "S. Sedghi and Hartel, {Pieter H.} and Willem Jonker and S.I. Nikova",
note = "10.1007/978-3-642-21031-0_9",
year = "2011",
month = "5",
day = "24",
doi = "10.1007/978-3-642-21031-0_9",
language = "Undefined",
isbn = "978-3-642-21030-3",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "108--122",
editor = "Feng Bao and Jian Weng",
booktitle = "Proceedings of the 7th International Conference on Information Security Practice and Experience, ISPEC 2011",

}

Sedghi, S, Hartel, PH, Jonker, W & Nikova, SI 2011, Privacy Enhanced Access Control by Means of Policy Blinding. in F Bao & J Weng (eds), Proceedings of the 7th International Conference on Information Security Practice and Experience, ISPEC 2011. Lecture Notes in Computer Science, vol. 6672, Springer, Berlin, pp. 108-122. https://doi.org/10.1007/978-3-642-21031-0_9

Privacy Enhanced Access Control by Means of Policy Blinding. / Sedghi, S.; Hartel, Pieter H.; Jonker, Willem; Nikova, S.I.

Proceedings of the 7th International Conference on Information Security Practice and Experience, ISPEC 2011. ed. / Feng Bao; Jian Weng. Berlin : Springer, 2011. p. 108-122 (Lecture Notes in Computer Science; Vol. 6672).


TY - GEN

T1 - Privacy Enhanced Access Control by Means of Policy Blinding

AU - Sedghi, S.

AU - Hartel, Pieter H.

AU - Jonker, Willem

AU - Nikova, S.I.

N1 - 10.1007/978-3-642-21031-0_9

PY - 2011/5/24

Y1 - 2011/5/24

N2 - Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean some interesting information from the requests that it processes. For example, if a requestor in a role psychiatrist is granted access to a document, the patient associated with that document probably has a psychiatric problem. The patient would consider this sensitive information, and she might prefer the honest-but-curious reference monitor to remain oblivious of her mental problem. We present a high level framework for querying and enforcing a role based access control policy that identifies where sensitive information might be disclosed. We then propose a construction which enforces a role based access control policy cryptographically, in such a way that the reference monitor learns as little as possible about the policy. (The reference monitor only learns something from repeated queries). We prove the security of our scheme showing that it works in theory, but that it has a practical drawback. However, the practical drawback is common to all cryptographically enforced access policy schemes. We identify several approaches to mitigate the drawback and conclude by arguing that there is an underlying fundamental problem that cannot be solved. We also show why attribute based encryption techniques do not solve the problem of enforcing policy by an honest but curious reference monitor.

AB - Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean some interesting information from the requests that it processes. For example, if a requestor in a role psychiatrist is granted access to a document, the patient associated with that document probably has a psychiatric problem. The patient would consider this sensitive information, and she might prefer the honest-but-curious reference monitor to remain oblivious of her mental problem. We present a high level framework for querying and enforcing a role based access control policy that identifies where sensitive information might be disclosed. We then propose a construction which enforces a role based access control policy cryptographically, in such a way that the reference monitor learns as little as possible about the policy. (The reference monitor only learns something from repeated queries). We prove the security of our scheme showing that it works in theory, but that it has a practical drawback. However, the practical drawback is common to all cryptographically enforced access policy schemes. We identify several approaches to mitigate the drawback and conclude by arguing that there is an underlying fundamental problem that cannot be solved. We also show why attribute based encryption techniques do not solve the problem of enforcing policy by an honest but curious reference monitor.

KW - METIS-277643

KW - EWI-20176

KW - SCS-Cybersecurity

KW - IR-77315

U2 - 10.1007/978-3-642-21031-0_9

DO - 10.1007/978-3-642-21031-0_9

M3 - Conference contribution

SN - 978-3-642-21030-3

T3 - Lecture Notes in Computer Science

SP - 108

EP - 122

BT - Proceedings of the 7th International Conference on Information Security Practice and Experience, ISPEC 2011

A2 - Bao, Feng

A2 - Weng, Jian

PB - Springer

CY - Berlin

ER -

Sedghi S, Hartel PH, Jonker W, Nikova SI. Privacy Enhanced Access Control by Means of Policy Blinding. In Bao F, Weng J, editors, Proceedings of the 7th International Conference on Information Security Practice and Experience, ISPEC 2011. Berlin: Springer. 2011. p. 108-122. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-642-21031-0_9